This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.



Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications


On Fri, Oct 23, 1998 at 07:18:53PM +0200, Ulrich Drepper wrote:
> Andi Kleen <ak@muc.de> writes:
> 
> > Ok. But could you at least remove the fflush(fh) from getpass? It 
> > definitely accounts for >50% of my failed su attempts. Libc5
> > didn't flush and working with su was smoother. I think it offers
> > no security advantage.
> 
> This was indeed added for security reasons.  I cannot remember the
> details anymore, though.

Assuming it was added to prevent any already queued data from entering
into the su session: it would have exactly the same advantage if the
flush was done after the password read.  If the attacker already knew
the password, all security measures are too late. If he doesn't, he will
never pass the password check, no matter what he queues first.  This is
the reason why the flush is completely useless, but if you would insist
on keeping it (I hope you don't @) it would be at least less annoying
to have it after the password entry (because any missing characters are
then at least visible and can be easily corrected).

-Andi
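
The two flush placements discussed in this message, as an added example that is not part of the original mail and is not glibc's getpass(): `read_secret` and `flush_mode` are hypothetical names. It assumes a POSIX termios terminal, where `TCSAFLUSH` discards type-ahead before the read, while `TCSADRAIN` followed by `tcflush(fd, TCIFLUSH)` discards only what is queued behind the password.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
enum flush_mode { FLUSH_BEFORE, FLUSH_AFTER };

/* Hypothetical helper: read one line from fd into buf with echo off.
 * Returns its length, or -1 on error, EOF before newline, or an overlong line. */
ssize_t read_secret(int fd, char *buf, size_t size, enum flush_mode mode)
{
    struct termios saved, noecho;
    int is_tty = (tcgetattr(fd, &saved) == 0);  /* fails on pipes and files */
    size_t n = 0;
    char c = 0;
    ssize_t r;
    if (size == 0)
        return -1;
    if (is_tty) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        /* TCSAFLUSH throws away input typed before the prompt appeared;
         * TCSADRAIN keeps it, so an early-typed password still arrives. */
        if (tcsetattr(fd, mode == FLUSH_BEFORE ? TCSAFLUSH : TCSADRAIN, &noecho) != 0)
            return -1;
    }
    while ((r = read(fd, &c, 1)) == 1 && c != '\n' && n + 1 < size)
        buf[n++] = c;
    buf[n] = '\0';
    if (is_tty) {
        if (mode == FLUSH_AFTER)
            tcflush(fd, TCIFLUSH);         /* drop data queued behind the password */
        tcsetattr(fd, TCSADRAIN, &saved);  /* restore the saved echo setting */
    }
    if (r != 1 || c != '\n') {
        memset(buf, 0, size);              /* do not hand back a partial secret */
        return -1;
    }
    return (ssize_t)n;
}

int main(void)
{
    char pw[128];
    fputs("Password: ", stderr);
    ssize_t n = read_secret(STDIN_FILENO, pw, sizeof pw, FLUSH_AFTER);
    fputc('\n', stderr);
    if (n < 0)
        return 1;
    printf("read %zd characters\n", n);
    return 0;
}
```

On a descriptor that is not a terminal, no termios call applies and nothing is discarded in either mode.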

